All my domains are under control of stargrave.org’s nameservers.
DNSSEC inherently sucks, at least because it is a global-scale PKI, so it
is not secure against a government-level adversary. That is why my
nameservers use DNSCurve technology.
All my TLS certificates use DANE, so their subject public key hashes are
stored inside DNS TLSA records. However, all those certificates are also
signed by my own ca.cypherpunks.ru and cagost.cypherpunks.ru CAs.
My authoritative DNSCurve nameservers are listed below in a PGP-signed message. Of course, the trust anchor is my PGP key.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 uz5nulnd504gp3s7sdmdl5l2gxc762hpw926t90k39ltxp67flbccn uz544mqwggqbf3z4utlhfqn45vpbpq78nc63hpg5u2ut29stkt0pkr -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEIpNVsPbb+nIRVbvGHh7ERWs1C6UFAmI8yxoACgkQHh7ERWs1 C6VesA/8CGuX4oDajykMZRG4aI4T6Z474V4/n6DV3A4q0N9YruFdvrqOR/FnNQws ov9AhhO+DXsT9q6bAkkXcBgVCioqFxhRCfzQ7UcPXrtkiqHtLlcXd391N6Xpo1jC woa9SbL8bz7ZFIyClAWhnaInUWjMjX1BGMWoKX4KERceXzPuh1qrSoOqMnf2FGTp wAaCoO4aaTg9wwbFpth4Lr5EgKr09+pNI1vseKBqbCjjXD8UzBripP/7Ca8I1P3h 9xMSNYKv7ZYV5KET2WIFEBGmTk7Dw/xrF5Rgwfnru7Xbn5F73Vv3qjbca+SVVswa jTdkgNldE/CU4/KOR7NJSHVMDOkq0edjVIoJ+49LRk6X1kEFl9H06Ng70PnIkefi LC86XHWLdCxy9mtCd+DYfvAFS2kzCl5zB5+IFdBu6ipPBTcw3fNByMjBQMhuz+WB TaistkNvi99KUHHj7Hu6an1UicwdCGQ3M0pqQ4guMrQ/GkywLqxDxccC2V3v+LOz GIjNE5pCZ9ETHgOwOtiB1UUjydL446eopbpkPByMR7PbKd/Tdk8LaixFcpZz69Ka Cr7iOowB7/jyuWVBWMbYepDUl575Xcxvp9foRjNfJMLlKqJb4X6mlXpNv5tkLkcg Rf9Rkpf6yUoiL4UrOomqx3hpZ6F53kWNqngA9FzV7gfqn9eza1Y= =6qvm -----END PGP SIGNATURE-----
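An added example, not code from this page or its author: one way to check the nameserver names a delegation returns against the signed list above, once the PGP signature has been verified. The `uz5` prefix and the little-endian base-32 key encoding follow the public DNSCurve specification; the function names and the sample data (repeated-digit labels, `example.org`) are constructed for illustration.

```python
# Added example; label format per the public DNSCurve specification.
ALPHABET = "0123456789bcdfghjklmnpqrstuvwxyz"  # DNSCurve base-32 digits
MAGIC = "uz5"         # prefix of a label that carries a public key
LABEL_LEN = 3 + 51    # 51 digits * 5 bits = 255-bit Curve25519 key


def b32_to_int(text):
    """Decode DNSCurve base-32 (little-endian: first digit is lowest)."""
    value = 0
    for pos, ch in enumerate(text.lower()):
        digit = ALPHABET.find(ch)
        if digit < 0:
            raise ValueError(f"invalid base-32 digit {ch!r}")
        value |= digit << (5 * pos)
    return value


def dnscurve_key(ns_name):
    """Return the 32-byte key from the first uz5 label, else ValueError."""
    for label in ns_name.lower().rstrip(".").split("."):
        if label.startswith(MAGIC) and len(label) == LABEL_LEN:
            return b32_to_int(label[len(MAGIC):]).to_bytes(32, "little")
    raise ValueError(f"no DNSCurve label in {ns_name!r}")


def unpinned(observed_ns, pinned_names):
    """Return observed NS names whose key is not in the pinned (signed) set."""
    pinned = {dnscurve_key(p) for p in pinned_names}
    bad = []
    for name in observed_ns:
        try:
            if dnscurve_key(name) not in pinned:
                bad.append(name)      # DNSCurve key nobody signed
        except ValueError:
            bad.append(name)          # no usable key: plain, unprotected DNS
    return bad


# Constructed sample data (not real keys): pinned list and observed NS set.
PINNED = ["uz5" + "1" * 51, "uz5" + "z" * 51]
OBSERVED = ["UZ5" + "1" * 51 + ".example.org.", "ns2.example.org.",
            "uz5" + "2" * 51 + ".example.org."]

if __name__ == "__main__":
    for name in unpinned(OBSERVED, PINNED):
        print("unexpected nameserver:", name)
```

Comparing decoded keys rather than raw strings makes the check case-insensitive, which matters because DNS names may arrive in mixed case.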
Also, nearly all my domains have a y. prefix, leading to a Yggdrasil-accessible address.